topic Re: postgres update in Splunk Enterprise

postgres update

SiddhatNegi — Mon, 13 Apr 2026 06:11:04 GMT

i am getting on vulnerability on one of the servers . how can i upgrade it.

Re: postgres update

richgalloway — Mon, 13 Apr 2026 11:56:03 GMT

Check https://advisory.splunk.com and install the version of Splunk that fixes that vulnerability.

Do NOT attempt to patch postgres independently.

Re: postgres update

kknairr — Mon, 13 Apr 2026 13:42:18 GMT

@SiddhatNegi As per your screenshot, the vulnerability is related to PostgreSQL which Splunk bundles as part of its internal services. To remediate the vulnerability, upgrade Splunk Enterprise version to the latest maintenance release that includes PostgreSQL 17.8. Please do not attempt to patch PostgreSQL separately as it's part of Splunk bundle and can cause issues. You can review the Splunk advisory and search for the respective CVE number. If you can share the CVE details and Splunk version you are running, we can assist further to locate the actual version to fix it.

Ref: Splunk Vulnerability Disclosure

If this post addressed your question, you can:

Give it karma to show appreciation 👍
Mark it as the solution if it solved your issue ✔️
Add a comment if you’d like more details ✏️

Acknowledging helpful answers keeps the community strong and motivates contributors to continue sharing their expertise.

Re: postgres update

SiddhatNegi — Mon, 13 Apr 2026 13:52:53 GMT

so splunk version is 10.2.0

hope this helps.

Re: postgres update

nikhil14aug — Tue, 14 Apr 2026 14:06:37 GMT

What is wrong with addressing postgress directly?

tar xf postgresql-17.8.tar.bz2 cd postgresql-17.8 yum install -y gcc readline-devel zlib-devel libicu-devel perl-FindBin ./configure --prefix=/opt/splunk make make install

this worked fine for me

Re: postgres update

richgalloway — Wed, 15 Apr 2026 12:01:28 GMT

We don't know what customizations Splunk may have made to postgres. Installing code from another source may introduce incompatibilities.

Code not released by Splunk may not be supported by Splunk.

Changing delivered files may trigger File Integrity Check warnings.

Re: postgres update

SplunkNinja — Fri, 01 May 2026 20:33:47 GMT

@richgalloway

I just upgraded to Splunk Enterprise 10.0.5 but I am still seeing the postgres vuln. Do you know when postgres version 17.8 will be bundled with a new Splunk update?

Path : /opt/splunk/bin/postgres
Installed version : 17.7
Fixed version : 17.8

Third-Party Package Updates in Splunk Enterprise - April 2026

Package Remediation CVE Severity

protobuf1	Upgraded protobuf to version 5.29.6	CVE-2026-0994	High
postgresql2	Upgraded postgresql to version 17.7	Multiple	Medium
azure-core3	Upgraded azure-core to version 1.38.0	Multiple	High
OpenSSL4	Upgraded OpenSSL to version 1.0.2zo	CVE-2026-22796	Low

Re: postgres update

richgalloway — Fri, 01 May 2026 21:00:45 GMT

Splunk 10.0.x is not the latest version. Try 10.2.x.

Re: postgres update

SplunkNinja — Fri, 01 May 2026 21:36:20 GMT

From what I can see in the latest Third-Party Package Updates in Splunk Enterprise - April 2026

2 Upgraded postgresql to version 17.7 to remedy CVE-2025-12817 and CVE-2025-12818 in Splunk Enterprise versions 10.2.2 and 10.0.5. Splunk Enterprise versions 9.4 and 9.3 are not affected

Seems like Splunk Enterprise versions 10.2.2 and 10.0.5 mitigate CVE-2025-12817 and CVE-2025-12818, but I am not seeing any mention of remediating CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006 in the latest Splunk Security Advisories. I need to wait before updating and see which Splunk version brings postgres to version 17.8